While Linux firewalls are inexpensive and quite reliable, they lack the supportcomponent of their commerical counterparts. As a result, most users of Linuxfirewalls have to resort to mailing lists to solve their problems. Our authorshave scoured firewall mailing lists and have compiled a list of the most oftenencountered problems in Linux firewalling. This book takes a Chilton's manualdiagnostic approach to solving these problems.The book begins by presenting the two most common Linux firewallconfigurations and demonstrates how to implement these configurations in animperfect network environment, not in an ideal one. Then, the authors proceedto present a methodology for analyzing each problem at various network levels:cabling, hardware components, protocols, services, and applications. Theauthors include diagnostic scripts which the readers can use to analyze andsolve their particular Linux firewall problems. The reference distributions areRed Hat and SuSE (for international market).

Table of Contents:
I. GETTING STARTED. 1. Introduction.     Why We Wrote This Book     How This Book Is Organized     Goals of This Book     The Methodical Approach and the Need for a Methodology     Firewalls, Security, and Risk Management     How to Think About Risk Management     Computer Security Principles     Firewall Recommendations and Definitions     Why Do I Need a Firewall?     Do I Need More Than a Firewall?     What Kinds of Firewalls Are There?       Firewall Types     The Myth of "Trustworthy" or "Secure" Software     Know Your Vulnerabilities     Creating Security Policies     Training     Defense in Depth     Summary 2. Getting Started.     Risk Management     Basic Elements of Risk Management     Seven Steps to Managing Risk     Phase I: Analyze       Inventory       Quantify the Value of the Asset       Threat Analysis     Phase II: Document       Create Your Plan       Create a Security Policy       Create Security Procedures     Phase III: Secure the Enterprise       Implement Policies       Implement Procedures       Deploy Security Technology and Counter Measures       Securing the Firewall Itself       Isolating Assets       Filtering       Ingress/Egress Filtering     Phase IV: Implement Monitoring     Phase V: Test     Phase VI: Integrate     Phase VII: Improve     Summary 3. Local Firewall Security.     The Importance of Keeping Your Software Up to Date       yum       red carpet       up2date       emerge       apt-get     Over Reliance on Patching     Turning Off Services       Using TCP Wrappers and Firewall Rules       Running Services with Least Privilege       Restricting the File System     Security Tools to Install       Log Monitoring Tools       Network Intrusion Detection       Host Intrusion Detection       Remote Logging       Correctly Configure the Software You Are Using       Use a Hardened Kernel       Other Hardening Steps      Summary 4. Troubleshooting Methodology.     Problem Solving Methodology      Recognize, Define, and Isolate the Problem     Gather Facts     Define What the "End State" Should Be     Develop Possible Solutions and Create an Action Plan     Analyze and Compare Possible Solutions     Select and Implement the Solution     Critically Analyze the Solution for Effectiveness     Repeat the Process Until You Resolve the Problem       Finding the Answers or...Why Search Engines Are Your Friend       Websites     Summary II. TOOLS AND INTERNALS. 5. The OSI Model: Start from the Beginning.     Internet Protocols at a Glance       Understanding the Internet Protocol (IP)       Understanding ICMP       Understanding TCP       Understanding UDP       Troubleshooting with This Perspective in Mind     Summary 6. netfilter and iptables Overview.     How netfilter Works       How netfilter Parses Rules        Netfilter States       What about Fragmentation?       Taking a Closer Look at the State Engine     Summary 7. Using iptables.     Proper iptables Syntax       Examples of How the Connection Tracking Engine Works         Applying What Has Been Covered So Far by Implementing Good Rules     Setting Up an Example Firewall       Kernel Options       iptables Modules       Firewall Rules       Quality of Service Rules       Port Scan Rules       Bad Flag Rules       Bad IP Options Rules       Small Packets and Rules to Deal with Them       Rules To Detect Data in Packets Using the String Module       Invalid Packets and Rules to Drop Them       A Quick Word on Fragments       SYN Floods       Polite Rules       Odd Port Detection and Rules to Deny Connections to Them       Silently Drop Packets You Don't Care About       Enforcement Rules       IP Spoofing Rules       Egress Filtering       Send TCP Reset for AUTH Connections       Playing Around with TTL Values       State Tracking Rules       STEALTH Rules       Shunning Bad Guys       ACCEPT Rules     Summary 8. A Tour of Our Collective Toolbox.     Old Faithful     Sniffers       Analyzing Traffic Utilization       Network Traffic Analyzers     Useful Control Tools       Network Probes       Probing Tools     Firewall Management and Rule Building     Summary 9. Diagnostics.     Diagnostic Logging       Scripts To Do This for You       The catch all Logging Rule       The iptables TRACE Patch     Checking the Network     Using a Sniffer to Diagnose Firewall Problems     Memory Load Diagnostics     Summary III. DIAGNOSTICS. 10. Testing Your Firewall Rules (for Security!).       INSIDE->OUT Testing with nmap and iplog       Interpreting the Output from an INSIDE->OUT Scan       Testing from the OUTSIDE->IN       Reading Output from nmap       Testing your Firewall with fragrouter     VLANs     Summary 11. Layer 2/Inline Filtering.     Common Questions     Tools Discussed in this Part     Building an Inline Transparent Bridging Firewall with ebtables (Stealth Firewalls)       Filtering on MAC Address Bound to a Specific IP Address with ebtables       Filtering Out Specific Ports with ebtables     Building an Inline Transparent Bridging Firewall with iptables (Stealth Firewalls)     MAC Address Filtering with iptables     DHCP Filtering with ebtables     Summary 12. NAT (Network Address Translation) and IP Forwarding.     Common Questions about Linux NAT     Tools/Methods Discussed in this Part       Diagnostic Logging       Viewing NAT Connections with netstat-nat       Listing Current NAT Entries with iptables       Listing Current NAT and Rule Packet Counters       Corrective Actions     Summary 13. General IP (Layer 3/Layer 4).     Common Question     Inbound: Creating a Rule for a New TCP Service     Inbound: Allowing SSH to a Local System     Forward: SSH to Another System     SSH:  Connections Timeout     telnet: Forwarding telnet Connections to Other Systems     MySQL: Allowing MySQL Connections     Summary 14. SMTP (e-mail).     Common Questions     Tools Discussed in this Part     Allowing SMTP to/from Your Firewalls     Forwarding SMTP to an Internal Mail Server     Forcing Your Mail Server Traffic to Use a Specific IP Address with an SNAT Rule      Blocking Internal Users from Sending Mail Through Your Firewall     Accept Only SMTP Connections from Specific Hosts (ISP)     SMTP Server Timeouts/Failures/Numerous Processes     Small e-Mail Send/Receive Correctly-Large e-Mail Messages Do Not      Summary 15. Web Services (Web Servers and Web Proxies).     Common Questions     Tools Discussed in this Part       Inbound: Running a Local Web Server (Basic Rules)       Inbound: Filter: Incoming Web to Specific Hosts       Forward: Redirect Local Port 80 to Local Port 8080       Forwarding Connections from the Firewall to an Internal Web Server       Forward: To Multiple Internal Servers       Forward: To a Remote Server on the Internet       Forward: Filtering Access to a Forwarded Server        Outbound: Some Websites Are Inaccessible (ECN)       Outbound: Block Clients from Accessing Websites       Transparent Proxy Servers (squid) on Outbound Web Traffic     Summary 16. File Services (NFS and FTP).     Tools Discussed in this Part       NFS: Cannot Get NFS Traffic to Traverse a NAT or IP Forwarding Firewall       FTP Inbound: Running a Local FTP Server (Basic Rules)       FTP Inbound: Restricting Access with Firewall Rules       FTP Inbound: Redirecting FTP Connections to Another Port on the Server       FTP Forward: Forwarding to an FTP Server Behind the Firewall on a DMZ Segment       FTP Forward: Forwarding to Multiple FTP Servers Behind the Firewall on a DMZ Segment       FTP Forward: From One Internet Server to Another Internet Server       FTP Forward: Restricting FTP Access to a Forwarded Server       FTP Outbound: Connections are Established, but Directories Cannot Be Listed, and Files Cannot Be Downloaded     Summary 17. Instant Messaging.     Common Questions/Problems     Tools Discussed in This Part     NetMeeting and GnomeMeeting       Connecting to a Remote NetMeeting/GnomeMeeting Client from Behind an iptables Firewall (Outbound Calls Only)       Connecting to a NetMeeting/GnomeMeeting Client Behind a netfilter/iptables Firewall (Inbound/Outbound Calls)       Directly from the GnomeMeeting Website's Documentation       Blocking Outbound NetMeeting/GnomeMeeting Traffic      MSN Messenger       Connecting to Other MSN Users       Blocking MSN Messenger Traffic at the Firewall     Yahoo Messenger       Connecting to Yahoo Messenger       Blocking Yahoo Messenger Traffic     AOL Instant Messenger (AIM)       Connecting to AIM       Blocking AOL Instant Messenger Traffic     ICQ       Connecting to ICQ       Blocking ICQ     Summary       Recalling Our Methodology 18. DNS/DHCP.     Common Questions     Tools Discussed in this Part       Forwarding DNS Queries to an Upstream/Remote DNS Server       DNS Lookups Fail: Internal Hosts Communicating to an External Nameserver       DNS Lookups Fail: Short DNS Name Lookups Work-Long Name Lookups Do Not       DNS Lookups Fail: Nameserver Running on the Firewall        DNS Lookups Fail: Nameserver Running on the Internal and/or DMZ Network        Misleading rDNS Issue: New Mail, or FTP Connections to Remote Systems Take 30 Seconds or More to Start        DHCP: Dynamically Updating Firewall Rules with the IP Changes       Blocking Outbound DHCP       DHCP: Two Addresses on One External Interface       DHCP: Redirect DHCP Requests to DMZ     Summary 19. Virtual Private Networks.     Things to Consider with IPSEC     Common Questions/Problems     Tools Discussed in this Part       IPSEC: Internal Systems-Behind a NAT/MASQ Firewall Cannot Connect to an External IPSEC Server        IPSEC: Firewall Cannot Establish IPSEC VPNs        IPSEC: Firewall Can Establish Connections to a Remote VPN Server, but Traffic Does not Route Correctly Inside the VPN       PPTP: Cannot Establish PPTP Connections Through the Firewall     Running a PPTP Server Behind a NAT Firewall       PPTP: Firewall Cannot Establish PPTP VPNs        PPTP: Firewall Can Establish Connections to a Remote VPN Server, but Traffic Does not Route Correctly Inside the VPN       Using a free/openswan VPN to Secure a Wireless Network      Summary Index.